Hi. I have bastion MX servers which relay incoming messages after appropriate checks (virus, spam, standards, and greylist), but also relay outgoing messages to the Internet from my internal network; among other things these servers use milter-greylist. Today, one of my users said something to me that really made me think. "If I send a message to someone on the Internet, then I should really accept mail from that address -- anybody I send a message to should be whitelisted, at least for some period of time." Assuming sender@... sends a message to recipient@..., it seems like the moral equivalent of: racl whitelist from recipient@... rcpt sender@... should automatically just happen, with some configurable timeout on the rule... ideally, in a format that the MX sync function would recognize. This would be an action based on just the inverted sender-recipient pair, rather than a sender-recipient-sendingIP tuple. What it comes down to is that there's a reasonable argument, to me, that sending a message to an address grants permission to that address to send mail to me for some period of time. So... this is first a request for a sanity check and, if sane, a feature request. I'm willing to work on it, but really don't understand the code to milter-greylist particularly well. I do have more reading to do, of course.... -Bill -- William Yang, CISSP William.Yang@...
Message
A less strict auto-whitelist?
2009-06-24 by William Yang / CISSP